Change to the cert directory.
The following example illustrates the location of the cert directory:
PolicyAgent-base/AgentInstance-Dir/cert
The following is a feasible example of the full path to the cert directory without the PolicyAgent-base placeholder:
/usr/local/webagents/apache22_agent/Agent_001/cert
Set the proper environment by issuing the following command:
setenv LD_LIBRARY_PATH PolicyAgent-base/lib:/usr/lib/mps
(Conditional) If you have not already created the necessary certificate database, create that database now by issuing the following command:
PolicyAgent-base/bin/certutil -N -d .
The following is a feasible example of how this command might look without the PolicyAgent-base placeholder:
/usr/local/webagents/apache22_agent/bin/certutil -N -d .
For more information about the directory structure, see Inside the Web Agent Base Directory.
Install the root CA certificate by issuing the following command:
PolicyAgent-base/bin/certutil -A -n cert-name -t "C,C,C" -d cert-dir -i cert-file
cert-name: The name for this root CA certificate
cert-dir: The directory where the certificate and key stores are located
cert-file: The base-64 encoded root CA certificate file
For example, if the Root CA certificate of the Access Manager host is present in the directory PolicyAgent-base/Agent_001/cert and if the name of this certificate file is root_ca.crt, then the following command would be appropriate:
PolicyAgent-base/bin/certutil -A -n am_root_ca_cert -t "C,C,C" -d . -i root_ca.crt
The following is a feasible example of how this command might look without the PolicyAgent-base placeholder:
/usr/local/webagents/apache22_agent/bin/certutil -A -n am_root_ca_cert -t "C,C,C" -d . -i root_ca.crt
To verify from the command line that the certificate is properly installed, issue the following command:
PolicyAgent-base/bin/certutil -L -d .
The root CA certificate is then listed in the output of the certutil -L command as illustrated in the following code example:
Certificate Name        Trust Attrubutes
cert-name               C,C,C

p    Valid peer
P    Trusted peer (implies c)
c    Valid CA
T    Trusted CA to issue client certs (implies c)
C    Trusted CA to certs(only server certs for ssl) (implies c)
u    User cert
w    Send warning
Restart Apache HTTP Server.
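The verification step above can be scripted so that a missing certificate or unexpected trust flags fail a deployment check before Apache is restarted. The following is an added example, not part of the original procedure or the agent's own tooling; the function name check_ca_trust, the variable SAMPLE_LISTING and the listing it holds are constructed for illustration.

```shell
#!/bin/sh
# check_ca_trust NICKNAME [EXPECTED_FLAGS]   (hypothetical helper name)
# Reads `certutil -L -d <cert-dir>` output on stdin.
# Exit 0: NICKNAME is listed with exactly EXPECTED_FLAGS (default C,C,C).
# Exit 1: NICKNAME is listed with different trust flags.
# Exit 2: NICKNAME is not in the certificate database.
check_ca_trust() {
    nick=$1
    want=${2:-C,C,C}
    awk -v nick="$nick" -v want="$want" '
        # A certificate row ends in three comma-separated flag groups.
        # Header and legend lines never do, so they are skipped.
        NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            flags = $NF
            name = $0
            # Strip the flags column; what remains is the nickname,
            # which may itself contain spaces.
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)
            sub(/^[ \t]+/, "", name)
            if (name == nick) { found = 1; got = flags }
        }
        END {
            if (!found) { print "MISSING: " nick; exit 2 }
            if (got != want) {
                print "MISMATCH: " nick " has " got ", expected " want
                exit 1
            }
            print "OK: " nick " " got
        }'
}

# Constructed sample of `certutil -L` output, used so this runs offline.
SAMPLE_LISTING='Certificate Name                  Trust Attrubutes

am_root_ca_cert                   C,C,C
other_ca                          ,,

p    Valid peer
P    Trusted peer (implies c)'

printf '%s\n' "$SAMPLE_LISTING" | check_ca_trust am_root_ca_cert

# Real use, from the cert directory with LD_LIBRARY_PATH set as above:
#   PolicyAgent-base/bin/certutil -L -d . | check_ca_trust am_root_ca_cert
```

The three comma-separated fields in the trust argument apply to SSL, S/MIME and object signing respectively, so the check compares all three rather than only the first.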